// @login & register
const express = require("express");
const router = express.Router();
const bcrypt = require("bcrypt");
const jwt = require('jsonwebtoken');
const gravatar = require('gravatar');
const keys = require("../../config/keys");
const passport = require("passport");

const User = require("../../models/Users");

// 引入验证方法
const validateRegisterInput = require("../../validation/register");
const validateLoginInput = require("../../validation/login");

// $route  GET api/users/test
// @desc   测试接口
// @access public
router.get("/test",(req,res) => {
    res.json({msg:"it works"})
})

// $route  POST api/users/register
// @desc   注册接口 返回的注册的json数据
// @access public
router.post("/register",(req,res) => {

    const {errors,isValid} = validateRegisterInput(req.body);

    // 判断isValid是否通过
    if(!isValid){
        return res.status(400).json(errors);
    }

    // 查询数据库中是否拥有邮箱
    User.findOne({email:req.body.email})
        .then((user) => {
            if(user){
                return res.status(400).json({email:"邮箱已被注册!"})
            }else{
                const avatar = gravatar.url(req.body.email, {s: '200', r: 'pg', d: 'mm'});

                const newUser = new User({
                    name:req.body.name,
                    email:req.body.email,
                    avatar,
                    password:req.body.password
                })
                
                // 对密码进行加密
                bcrypt.genSalt(10, function(err, salt) {
                    bcrypt.hash(newUser.password, salt, (err, hash) => {
                        if(err) throw err;
                        // 生成的 hash 作为密码存入
                        newUser.password = hash;

                        newUser.save()
                            .then(user => res.json(user))
                            .catch(err => console.log(err));
                    });
                });
            }
        })
})

// $route  POST api/users/login
// @desc   登录接口 返回token jwt passport
// @access public

router.post("/login",(req,res) => {
    const {errors,isValid} = validateLoginInput(req.body);

    // 判断isValid是否通过
    if(!isValid){
        return res.status(400).json(errors);
    }

    const email = req.body.email;
    const password = req.body.password;
    // 查询数据库
    User.findOne({email})
        .then(user => {
            if(!user){
                return res.status(404).json({email:"用户不存在!"});
            }

            // 密码匹配
            bcrypt.compare(password, user.password)
                .then(isMatch => {
                    if(isMatch){
                        const rule = {id:user.id,name:user.name};
                        //  jwt.sign(payload, secretOrPrivateKey, [options, callback])  使用 Base64Url 编码
                        jwt.sign(rule,keys.secretOrKey,{expiresIn:3600},(err,token) => {
                            if(err) throw err;
                            res.json({
                                success:true,
                                token:"Bearer " + token
                            });
                            //  Authorization: Bearer <token>
                        })
                        // res.json({msg:"success"});
                    }else{
                        return res.status(400).json({password:"密码错误!"});
                    }
                })
        })
})

// $route  GET api/users/current
// @desc   测试token验证 返回 current user
// @access Private (私有接口 需要权限)
router.get("/current",passport.authenticate('jwt', { session: false }),(req,res) => {
    res.json({
        id:req.user.id,
        name:req.user.name,
        email:req.user.email
    });
})

module.exports = router;
